CVE-2025-11368

MEDIUM EXPLOITED NUCLEI

LearnPress - WordPress LMS Plugin <4.2.9.4 - Info Disclosure

Title source: llm

Description

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/load_content_via_ajax which allows arbitrary callback execution of admin-only template methods. This makes it possible for unauthenticated attackers to retrieve admin curriculum HTML, quiz questions with correct answers, course materials, and other sensitive educational content via the REST API endpoint granted they can supply valid numeric IDs.

Nuclei Templates (1)

LearnPress < 4.3.0 - Arbitrary Callback Execution to Information Exposure

MEDIUMVERIFIEDby pussycat0x

Shodan: http.html:"/wp-content/plugins/learnpress/"

FOFA: body="/wp-content/plugins/learnpress/"

References (4)

[Product] https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/rest-api/v1/frontend/class-lp-rest-ajax-controller.php#L23

[Product] https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/rest-api/v1/frontend/class-lp-rest-ajax-controller.php#L41

[Product] https://plugins.trac.wordpress.org/changeset?old_path=/learnpress/tags/4.2.9.4&new_path=/learnpress/tags/4.3.0&sfp_email=&sfph_mail=

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/0c9856db-3779-4649-9a48-1c7b6d019816?source=cve

Scores

CVSS v3 5.3

EPSS 0.0073

EPSS Percentile 72.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2026-03-31

CWE

CWE-200

Status published

Products (2)

thimpress/LearnPress – WordPress LMS Plugin < 4.2.9.4

thimpress/LearnPress – WordPress LMS Plugin for Create and Sell Online Courses < 4.2.9.4

Published Nov 21, 2025

Tracked Since Feb 18, 2026